Abstract

We point to three types of potential vulnerabilities in the Bluetooth standard, version 1.0B. The first vulnerability opens up the system to an attack in which an adversary under certain circumstances is able to determine the key exchanged by two victim devices, making eavesdropping and impersonation possible. This can be done either by exhaustively searching all possible PINs (but without interacting with the victim devices), or by mounting a so-called middle-person attack. We show that one part of the key exchange protocol -- an exponential backoff method employed in case of incorrect PIN usage -- adds no security, but in fact benefits an attacker. The second vulnerability makes possible an attack -- which we call a location attack -- in which an attacker is able to identify and determine the geographic location of victim devices.